SOAP API: do not try to unserialize an invalid filter
[mantis.git] / view_filters_page.php
1 <?php
2 # MantisBT - A PHP based bugtracking system
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * @package MantisBT
19 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
20 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
21 * @link http://www.mantisbt.org
23 * @uses core.php
24 * @uses access_api.php
25 * @uses authentication_api.php
26 * @uses compress_api.php
27 * @uses config_api.php
28 * @uses constant_inc.php
29 * @uses current_user_api.php
30 * @uses custom_field_api.php
31 * @uses filter_api.php
32 * @uses filter_constants_inc.php
33 * @uses gpc_api.php
34 * @uses helper_api.php
35 * @uses html_api.php
36 * @uses lang_api.php
37 * @uses print_api.php
38 * @uses string_api.php
39 * @uses version_api.php
42 /**
43 * MantisBT Core API's
45 require_once( 'core.php' );
46 require_api( 'access_api.php' );
47 require_api( 'authentication_api.php' );
48 require_api( 'compress_api.php' );
49 require_api( 'config_api.php' );
50 require_api( 'constant_inc.php' );
51 require_api( 'current_user_api.php' );
52 require_api( 'custom_field_api.php' );
53 require_api( 'filter_api.php' );
54 require_api( 'filter_constants_inc.php' );
55 require_api( 'gpc_api.php' );
56 require_api( 'helper_api.php' );
57 require_api( 'html_api.php' );
58 require_api( 'lang_api.php' );
59 require_api( 'print_api.php' );
60 require_api( 'string_api.php' );
61 require_api( 'version_api.php' );
# auth_ensure_user_authenticated() runs before any output is produced; it is
# defined outside this file and is expected to stop unauthenticated requests.
auth_ensure_user_authenticated();

compress_enable();

html_page_top();

# 'target_field' is request input. Trailing '[' and ']' characters are
# stripped, and the value is kept only when it is a key of the default
# filter; anything else collapses to the empty string. A second check against
# the list of visible columns follows further down in this file.
$t_filter = filter_get_default();
$t_target_field = rtrim( gpc_get_string( 'target_field', '' ), '[]' );
$t_target_field = isset( $t_filter[ $t_target_field ] ) ? $t_target_field : '';
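/** @todo thraxisp - could this be replaced by a call to filter_draw_selection_area2 */

# Use the current user's stored filter; fall back to the defaults when
# current_user_get_bug_filter() reports that there is none (strict false).
$t_filter = current_user_get_bug_filter();
if( $t_filter === false ) {
	$t_filter = filter_get_default();
}

$t_project_id = helper_get_current_project();

$t_current_user_access_level = current_user_get_access_level();

# NOTE(review): everything below is a script-level (global) variable. The
# print_filter_*() helpers called by this page take no arguments, so they
# presumably read these via `global` - do not rename without checking
# filter_api.php.
$t_accessible_custom_fields_ids = array();
$t_accessible_custom_fields_names = array();
# Kept for backward compatibility: the original initialised this singular name.
$t_accessible_custom_fields_type = array() ;
# The collection loop further down appends to the plural name, which was never
# initialised; without this line it stays undefined whenever no custom field
# qualifies.
$t_accessible_custom_fields_types = array();
$t_accessible_custom_fields_values = array();
# Column budget of the filter table, taken from configuration.
$t_filter_cols = config_get( 'filter_custom_fields_per_row' );
$t_custom_cols = 1;
$t_custom_rows = 0;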
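# Build the allow-list of field names that the request parameter
# 'target_field' may name: the columns shown in the issue list, minus the
# pseudo-columns listed below, plus one "custom_<name>" entry per custom
# field the user may filter on.
$t_fields = helper_get_columns_to_view();
$t_n_fields = count( $t_fields );
for ( $i=0; $i < $t_n_fields; $i++ ) {
	if ( in_array( $t_fields[$i], array( 'selection', 'edit', 'bugnotes_count', 'attachment' ) ) ) {
		unset( $t_fields[$i] );
	}
}

if ( ON == config_get( 'filter_by_custom_fields' ) ) {
	$t_custom_cols = $t_filter_cols;
	$t_custom_fields = custom_field_get_linked_ids( $t_project_id );

	foreach ( $t_custom_fields as $t_cfid ) {
		$t_field_info = custom_field_cache_row( $t_cfid, true );
		# Access control for the filter UI: a custom field is exposed only when
		# its 'access_level_r' does not exceed the current user's access level
		# and the field is flagged 'filter_by'.
		if ( $t_field_info['access_level_r'] <= $t_current_user_access_level && $t_field_info['filter_by']) {
			$t_accessible_custom_fields_ids[] = $t_cfid;
			$t_accessible_custom_fields_names[] = $t_field_info['name'];
			$t_accessible_custom_fields_types[] = $t_field_info['type'];
			$t_accessible_custom_fields_values[] = custom_field_distinct_values( $t_field_info, $t_project_id );
			$t_fields[] = "custom_" . $t_field_info['name'];
		}
	}

	if ( count( $t_accessible_custom_fields_ids ) > 0 ) {
		# NOTE(review): $t_per_row is a divisor; a configured value of 0 would
		# divide by zero here.
		$t_per_row = config_get( 'filter_custom_fields_per_row' );
		$t_custom_rows = ceil( count( $t_accessible_custom_fields_ids ) / $t_per_row );
	}
}

# Second allow-list check on the request-supplied field name. The comparison
# is strict so that PHP's loose string/number juggling cannot make a value
# match an entry it is not identical to. $t_target_field is later
# concatenated into a link without further encoding, so this check is what
# keeps arbitrary request input out of that URL.
if ( !in_array( $t_target_field, $t_fields, true ) ) {
	$t_target_field = '';
}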
$f_for_screen = gpc_get_bool( 'for_screen', true );

# Form target: the on-screen variant carries f=3, the other variant does not.
$t_action = ( $f_for_screen == false ) ? "view_all_set.php" : "view_all_set.php?f=3";

# Default view type comes from configuration.
$f_default_view_type = ( ADVANCED_DEFAULT == config_get( 'view_filters' ) ) ? 'advanced' : 'simple';

# 'view_type' is request input. Configuration may force one view; whatever
# remains is then restricted to the two known values. The template echoes
# $f_view_type into a hidden input without HTML escaping, so this allow-list
# is the only thing standing between the request parameter and the page.
$f_view_type = gpc_get_string( 'view_type', $f_default_view_type );
if ( ADVANCED_ONLY == config_get( 'view_filters' ) ) {
	$f_view_type = 'advanced';
}
if ( SIMPLE_ONLY == config_get( 'view_filters' ) ) {
	$f_view_type = 'simple';
}
if ( !in_array( $f_view_type, array( 'simple', 'advanced' ) ) ) {
	$f_view_type = $f_default_view_type;
}

# Attribute fragment for multi-select lists in the advanced view.
# NOTE(review): not referenced again in this file; presumably read as a
# global by the print_filter_*() helpers - confirm before renaming.
$t_select_modifier = ( 'advanced' == $f_view_type ) ? ' multiple="multiple" size="10"' : '';

# Feature switches for optional columns of the filter table.
$t_show_product_version = version_should_show_product_version( $t_project_id );
$t_show_build = $t_show_product_version && ( config_get( 'enable_product_build' ) == ON );

$t_show_tags = access_has_global_level( config_get( 'tag_view_threshold' ) );
?>
160 <div class="filter-box">
161 <form method="post" name="filters" action="<?php echo $t_action; ?>">
162 <?php # CSRF protection not required here - form does not result in modifications ?>
163 <input type="hidden" name="type" value="1" />
164 <input type="hidden" name="view_type" value="<?php echo $f_view_type; ?>" />
165 <?php
# $f_view_type is written into the hidden input above without HTML escaping.
# That is safe only because it was forced to 'simple' or 'advanced' earlier in
# this file; keep that allow-list if the parameter handling changes.
# NOTE(review): the form carries no CSRF token on the stated ground that
# submitting it modifies nothing. It posts to view_all_set.php, which is not
# visible here; if that handler persists the submitted filter for the user,
# the assumption should be revisited.
166 if ( $f_for_screen == false ) {
167 print '<input type="hidden" name="print" value="1" />';
168 print '<input type="hidden" name="offset" value="0" />';
171 <table class="width100" cellspacing="1">
172 <tr>
173 <td class="right" colspan="<?php echo ( 8 * $t_custom_cols ); ?>">
174 <?php
# Link that reloads this page in the other view type. $t_target_field is
# concatenated without URL-encoding; it originates from the request and is
# only trustworthy because it was reduced to a known field name (or '')
# earlier in this file. Whether print_bracket_link() escapes the URL it is
# given is not visible here.
175 $f_switch_view_link = 'view_filters_page.php?target_field=' . $t_target_field . '&view_type=';
# The switch link is offered only when configuration does not force one view.
177 if ( ( SIMPLE_ONLY != config_get( 'view_filters' ) ) && ( ADVANCED_ONLY != config_get( 'view_filters' ) ) ) {
178 if ( 'advanced' == $f_view_type ) {
179 print_bracket_link( $f_switch_view_link . 'simple', lang_get( 'simple_filters' ) );
180 } else {
181 print_bracket_link( $f_switch_view_link . 'advanced', lang_get( 'advanced_filters' ) );
185 </td>
186 </tr>
187 <tr class="row-category2">
188 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'reporter' ) ?></th>
189 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'monitored_by' ) ?></th>
190 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'assigned_to' ) ?></th>
191 <th class="small-caption" colspan="<?php echo ( 2 * $t_custom_cols ); ?>"><?php echo lang_get( 'category' ) ?></th>
192 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'severity' ) ?></th>
193 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'resolution' ) ?></th>
194 <th class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'profile' ) ?></th>
195 <!-- <td colspan="<?php echo ( ( $t_filter_cols - 8 ) * $t_custom_cols ); ?>">&#160;</td> -->
196 </tr>
197 <tr class="row-1">
198 <!-- Reporter -->
199 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
200 <?php print_filter_reporter_id(); # print_filter_*() helpers are defined outside this file; any encoding of the values they print happens there - TODO confirm ?>
201 </td>
202 <!-- Monitored by -->
203 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
204 <?php print_filter_user_monitor(); ?>
205 </td>
206 <!-- Handler -->
207 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
208 <?php print_filter_handler_id(); ?>
209 </td>
210 <!-- Category -->
211 <td colspan="<?php echo ( 2 * $t_custom_cols ); ?>">
212 <?php print_filter_show_category(); ?>
213 </td>
214 <!-- Severity -->
215 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
216 <?php print_filter_show_severity(); ?>
217 </td>
218 <!-- Resolution -->
219 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
220 <?php print_filter_show_resolution(); ?>
221 </td>
222 <!-- Profile -->
223 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
224 <?php print_filter_show_profile(); ?>
225 </td>
226 <!-- <td colspan="<?php echo ( ( $t_filter_cols - 8 ) * $t_custom_cols ); ?>">&#160;</td> -->
227 </tr>
229 <tr class="row-category2">
230 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'status' ) ?></td>
231 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
232 <?php
# The 'hide status' caption is shown in the simple view only; the advanced
# view gets a non-breaking space so the column count stays the same.
233 if ( 'simple' == $f_view_type ) {
234 echo lang_get( 'hide_status' );
235 } else {
236 echo '&#160;';
239 </td>
240 <?php if ( $t_show_build ) { ?>
241 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'product_build' ) ?></td>
242 <?php } else { ?>
243 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">&#160;</td>
244 <?php } ?>
245 <?php if ( $t_show_product_version ) { ?>
246 <td class="small-caption" colspan="<?php echo ( 2 * $t_custom_cols ); ?>"><?php echo lang_get( 'product_version' ) ?></td>
247 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'fixed_in_version' ) ?></td>
248 <?php } else { ?>
249 <td class="small-caption" colspan="<?php echo ( 2 * $t_custom_cols ); ?>">&#160;</td>
250 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">&#160;</td>
251 <?php } ?>
252 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'priority' ) ?></td>
253 <?php if ( $t_show_product_version ) { ?>
254 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'target_version' ) ?></td>
255 <?php } else { ?>
256 <td class="small-caption" colspan="<?php echo ( ( $t_filter_cols - 7 ) * $t_custom_cols ); ?>">&#160;</td>
257 <?php } ?>
258 </tr>
259 <tr class="row-1">
260 <!-- Status -->
261 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
262 <?php print_filter_show_status(); ?>
263 </td>
264 <!-- Hide Status -->
265 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
266 <?php
# Same simple/advanced split as the caption row above, so captions and
# controls stay aligned.
267 if ( 'simple' == $f_view_type ) {
268 print_filter_hide_status();
269 } else {
270 echo '&#160;';
273 </td>
274 <!-- Build -->
275 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
276 <?php if ( $t_show_build ) {
# $t_show_build and $t_show_product_version were computed earlier in this file
# from version_should_show_product_version() and the 'enable_product_build'
# setting; the build and version controls are printed only when they are set.
277 print_filter_show_build();
278 } ?>
279 </td>
280 <!-- Version -->
281 <td colspan="<?php echo ( 2 * $t_custom_cols ); ?>">
282 <?php if ( $t_show_product_version ) {
283 print_filter_show_version();
284 } else {
285 echo "&#160;";
286 } ?>
287 </td>
288 <!-- Fixed in Version -->
289 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
290 <?php if ( $t_show_product_version ) {
291 print_filter_show_fixed_in_version();
292 } else {
293 echo "&#160;";
294 } ?>
295 </td>
296 <!-- Priority -->
297 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
298 <?php print_filter_show_priority(); ?>
299 </td>
300 <!-- Target Version -->
301 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
302 <?php if ( $t_show_product_version ) {
303 print_filter_show_target_version();
304 } else {
305 echo "&#160;";
306 } ?>
307 </td>
308 </tr>
310 <tr class="row-category2">
311 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'show' ) ?></td>
312 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'view_status' ) ?></td>
313 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'sticky' ) ?></td>
314 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'changed' ) ?></td>
315 <td class="small-caption" colspan="<?php echo ( 3 * $t_custom_cols ); ?>">
316 <label><input type="checkbox" id="use_date_filters" name="<?php echo FILTER_PROPERTY_FILTER_BY_DATE ?>" <?php check_checked( $t_filter['filter_by_date'], 'on' ) ?> /><?php echo lang_get( 'use_date_filters' )?></label>
317 </td>
318 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
319 <?php echo lang_get( 'bug_relationships' ) ?>
320 </td>
321 <!-- <td colspan="<?php echo ( ( $t_filter_cols - 8 ) * $t_custom_cols ); ?>">&#160;</td> -->
322 </tr>
323 <tr class="row-2">
324 <!-- Number of bugs per page -->
325 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
326 <?php print_filter_per_page(); ?>
327 </td>
328 <!-- View Status -->
329 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
330 <?php print_filter_view_state(); ?>
331 </td>
332 <!-- Show Sticky bugs -->
333 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
334 <?php print_filter_sticky_issues(); ?>
335 </td>
336 <!-- Highlight changed bugs -->
337 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
338 <?php print_filter_highlight_changed(); ?>
339 </td>
340 <td class="left" colspan="<?php echo ( 3 * $t_custom_cols ); ?>">
341 <?php print_filter_do_filter_by_date( true ); # hide checkbox as it's already been shown ?>
342 </td>
343 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
344 <?php print_filter_relationship_type(); ?>
345 </td>
346 <!-- <td colspan="<?php echo ( ( $t_filter_cols - 8 ) * $t_custom_cols ); ?>">&#160;</td> -->
347 </tr>
349 <?php
# Custom-field filter rows. The ID and name lists used here were filled
# earlier in this file with only those fields whose 'access_level_r' does not
# exceed the current user's access level and that are flagged 'filter_by'.
350 if ( ON == config_get( 'filter_by_custom_fields' ) ) {
352 # -- Custom Field Searching --
353 if ( count( $t_accessible_custom_fields_ids ) > 0 ) {
354 $t_per_row = config_get( 'filter_custom_fields_per_row' );
# NOTE(review): $t_per_row is used as a divisor on the next line; a configured
# value of 0 would divide by zero. No guard is visible in this listing.
355 $t_num_rows = ceil( count( $t_accessible_custom_fields_ids ) / $t_per_row );
# $t_base is the index of the first field shown in the current pair of rows.
356 $t_base = 0;
358 for ( $i = 0; $i < $t_num_rows; $i++ ) {
360 <tr class="row-category2">
361 <?php
# Caption row: stored custom field names are passed through
# lang_get_defaulted() and then string_display() before being echoed;
# string_display() (defined outside this file) is relied on for output
# encoding. Slots past the end of the list are padded.
362 for( $j = 0; $j < $t_per_row; $j++ ) {
363 echo '<td class="small-caption" colspan="' . ( 1 * $t_filter_cols ) . '">';
364 if ( isset( $t_accessible_custom_fields_names[$t_base + $j] ) ) {
365 echo string_display( lang_get_defaulted( $t_accessible_custom_fields_names[$t_base + $j] ) );
366 } else {
367 echo '&#160;';
369 echo '</td>';
372 </tr>
373 <tr class="row-2">
374 <?php
# Control row: one print_filter_custom_field() call per accessible field ID.
375 for ( $j = 0; $j < $t_per_row; $j++ ) {
376 echo '<td colspan="' . ( 1 * $t_filter_cols ) . '">';
377 if ( isset( $t_accessible_custom_fields_ids[$t_base + $j] ) ) {
378 print_filter_custom_field($t_accessible_custom_fields_ids[$t_base + $j]);
379 } else {
380 echo '&#160;';
382 echo '</td>';
386 </tr>
387 <?php
# Advance to the next group of $t_per_row fields.
388 $t_base += $t_per_row;
# Columns held back in the sort row that follows: none in the simple view,
# 3 in the advanced view (used there by the project caption and selector).
393 if ( 'simple' == $f_view_type ) {
394 $t_project_cols = 0;
395 } else {
396 $t_project_cols = 3;
400 <tr class="row-1">
401 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
402 <?php echo lang_get( 'sort_label' ) ?>
403 </td>
404 <td colspan="<?php echo ( ( $t_filter_cols - 1 - $t_project_cols ) * $t_custom_cols ); ?>">
405 <?php
# Sort controls take every column not used by the caption cell or held back
# in $t_project_cols.
406 print_filter_show_sort();
408 </td>
409 <?php
# The project caption and selector are emitted in the advanced view only;
# their colspans (1 + 2) account for the 3 columns held back in
# $t_project_cols.
410 if ( 'advanced' == $f_view_type ) {
412 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
413 <?php echo lang_get( 'email_project_label' ) ?>
414 </td>
415 <td colspan="<?php echo( 2 * $t_custom_cols ); ?>">
416 <?php
417 print_filter_project_id();
419 </td>
420 <?php
423 </tr>
425 <?php
# Plugin-provided filters are laid out $t_filter_cols per row: captions are
# buffered in $t_fields and the matching field names in $t_row_filters, then
# both are flushed as a caption row plus a control row.
427 # get plugin filters
428 $t_plugin_filters = filter_get_plugin_filters();
429 $t_column = 0;
430 $t_fields = '';
431 $t_row_filters = array();
433 # output a filter form element for each plugin filter
434 foreach( $t_plugin_filters as $t_field_name => $t_filter_object ) {
# The title comes from the plugin's filter object and is passed through
# string_display_line() before being placed in the caption cell.
435 $t_fields .= '<td class="small-caption" colspan="' . $t_custom_cols . '"> ' . string_display_line( $t_filter_object->title ) . ' </td>';
436 $t_row_filters[] = $t_field_name;
438 $t_column++;
440 # wrap at the appropriate column
# NOTE(review): no reset of $t_column is visible after a full row is flushed
# (this listing has gaps). If there is none, every later filter satisfies the
# condition below and is flushed in a row of its own - confirm against the
# complete file.
441 if ( $t_column >= $t_filter_cols ) {
442 echo '<tr class="row-category2">', $t_fields, '</tr>';
443 echo '<tr class="row-1">';
444 foreach( $t_row_filters as $t_row_field_name ) {
# print_filter_plugin_field() is an argument of echo here: the opening <td>
# is emitted first, then the call runs, then its return value and the
# closing tag are emitted.
445 echo '<td class="small-caption" colspan="' . $t_custom_cols . '"> ',
446 print_filter_plugin_field( $t_row_field_name, $t_plugin_filters[ $t_row_field_name ] ), '</td>';
448 echo '</tr>';
450 $t_fields = '';
451 $t_row_filters = array();
455 # output any remaining plugin filters
456 if ( $t_column > 0 ) {
# Pad a partially filled last row to the full column count, in the caption
# row and again in the control row.
457 if ( $t_column < $t_filter_cols ) {
458 $t_fields .= '<td class="small-caption" colspan="' . ( $t_filter_cols - $t_column ) * $t_custom_cols . '">&#160;</td>';
461 echo '<tr class="row-category2">', $t_fields, '</tr>';
462 echo '<tr class="row-1">';
463 foreach( $t_row_filters as $t_row_field_name ) {
464 echo '<td class="small-caption" colspan="' . $t_custom_cols . '"> ',
465 print_filter_plugin_field( $t_row_field_name, $t_plugin_filters[ $t_row_field_name ] ), '</td>';
468 if ( $t_column < $t_filter_cols ) {
469 echo '<td class="small-caption" colspan="' . ( $t_filter_cols - $t_column ) * $t_custom_cols . '">&#160;</td>';
472 echo '</tr>';
477 <tr class="row-category2">
478 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"><?php echo lang_get( 'search' ) ?></td>
479 <td class="small-caption" colspan="<?php echo ( ( $t_filter_cols - 2 ) * $t_custom_cols ); ?>"><?php if ( $t_show_tags ) { echo lang_get( 'tags' ); } ?></td>
480 <td class="small-caption" colspan="<?php echo ( 1 * $t_custom_cols ); ?>"></td>
481 </tr>
482 <tr class="row-1">
483 <!-- Search field -->
484 <td colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
485 <input type="text" size="16" name="search" value="<?php echo string_html_specialchars( $t_filter['search'] ); # the filter's search text reaches the attribute only through string_html_specialchars() ?>" />
486 </td>
488 <td class="small-caption" colspan="<?php echo ( ( $t_filter_cols - 2 ) * $t_custom_cols ); ?>"><?php if ( $t_show_tags ) { print_filter_tag_string(); } ?></td>
490 <!-- Submit button -->
491 <td class="right" colspan="<?php echo ( 1 * $t_custom_cols ); ?>">
492 <input type="submit" name="filter" class="button" value="<?php echo lang_get( 'filter_button' ) ?>" />
493 </td>
494 </tr>
495 </table>
496 </form>
497 </div>
498 <?php
# Counterpart of the html_page_top() call made at the start of this script.
499 html_page_bottom();